One of Elgg's most powerful features since day one has been its access controls. Any item of content you create - an uploaded file, a blog post, an element on your profile - can be restricted to as many or as few people as you want. For example, an event announcement might be publicly viewable, but you might also have some internal notes that you only want your close colleagues to see. Elgg deals with these distinctions securely and easily.
For the latest version, we've dramatically improved both the interface and the flexibility of the access permission system. Creating collections of friends is easier than ever before, and if you don't like Elgg's individual-based access model, you can swap it out with something else - for example, a roles-based access control list.
In Elgg 1.0, you can group your friends into collections: for example, close friends, work colleagues, or perhaps people working with you on a particular project. These collections can then be used to share bookmarks or other items, as well as easily reference content by subdivisions of your friends. Perhaps most powerfully, these also feed into your access control options when you create a new item of content.
When you upload an item, you're presented with a pulldown menu containing three default options (Public, Logged in users and Private), as well as any friends collections you've created and - when you're uploading to a group - the option to restrict it to a group's members only. Plugins can also add to this list, to create different kinds of access controls.
These access controls go straight to the core of the data model. It's not just that content a user doesn't have access to is never displayed; it's never retrieved from the database or touched by the Elgg software at all. Every entity in the system (including the site itself) has an access level at its centre.
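The retrieval-time filtering described above can be sketched with a small in-memory database. This is an added example, not Elgg's own code or schema: the table names, the numeric access levels and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical access levels for this sketch (not taken from Elgg's source).
PRIVATE, LOGGED_IN, PUBLIC = 0, 1, 2

def build_db():
    """Create a constructed sample database: user 1 owns four items."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE entities (id INTEGER PRIMARY KEY, owner_id INTEGER,
                               title TEXT, access_id INTEGER);
        CREATE TABLE collection_members (collection_id INTEGER, user_id INTEGER);
        -- access_id 10 is a friends collection ("close colleagues") holding user 2
        INSERT INTO entities VALUES
            (1, 1, 'Event announcement', 2),
            (2, 1, 'Members-only notice', 1),
            (3, 1, 'Internal notes', 10),
            (4, 1, 'Draft', 0);
        INSERT INTO collection_members VALUES (10, 2);
    """)
    return db

def visible_titles(db, viewer_id):
    """Return the titles a viewer may read; viewer_id=None means logged out.

    The access check lives in the WHERE clause, so rows the viewer cannot
    see never leave the database and application code cannot leak them.
    """
    if viewer_id is None:
        rows = db.execute(
            "SELECT title FROM entities WHERE access_id = ? ORDER BY id",
            (PUBLIC,))
    else:
        rows = db.execute("""
            SELECT title FROM entities
            WHERE access_id IN (?, ?)
               OR owner_id = ?
               OR access_id IN (SELECT collection_id FROM collection_members
                                WHERE user_id = ?)
            ORDER BY id""", (PUBLIC, LOGGED_IN, viewer_id, viewer_id))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    for viewer in (None, 1, 2, 3):
        print(viewer, visible_titles(db, viewer))
```
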
However, the access permission system has an override hook built into it, so that Elgg plugins can provide completely different access systems. Some might want to provide an interface over the top based on Active Directory roles (particularly when used in conjunction with Elgg's LDAP integration); some might provide integrations with other systems or entirely new ways of controlling permissions. We always recommend using an access system in conjunction with Elgg's built-in one, but you can effectively replace it entirely.
This has potential uses in a number of places. For example, schools may need certain users to have the ability to see all content for various reasons. Meanwhile, many enterprises may already have an access system in place across their network, and might want it to persist within their Elgg-powered intranet. Either way, we've anticipated the need, and Elgg is ready to take it on.